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Arguments 

Appellants filed an Appeal Brief on December 2, 2008, explaining clearly and in 
detail why Claims 1-17 and 19 are allowable over the prior art cited by the Examiner in the 
Final Office Action dated May 16, 2008. Specifically, Appellants demonstrated the 
impropriety of the proposed Elmore-Gadbois-Moran combination. Additionally, Appellants 
demonstrated that at least independent Claims 1 and 8 and dependent Claims 7 and 14 are 
allowable over the proposed Elmore-Gadbois-Moran combination. 

While Appellants appreciate the Examiner's thoughtful consideration of this case and 
the Examiner's thorough response in the Examiner's Answer dated August 24, 2009, 
Appellants respectfully submit that these rejections continue to be improper and should be 
reversed by the Board. 

I. Claims 1-6, 8-13, and 15-20 are Allowable over the Proposed Elmore-Gadbois- 
Moran Combination 

In the Appeal Brief, Appellants demonstrated that the proposed Elmore-Gadbois- 
Moran combination does not disclose, teach, or suggest the combination of elements recited 
in Appellants' claims. 

A. The proposed Elmore-Gadbois-Moran combination does not disclose, 
teach, or suggest "matching a distinguished name associated with the user 
and at least a portion of the distinguished name associated with the object" 

For example, Appellants demonstrated that the proposed Elmore-Gadbois-Moran 
combination does not disclose, teach, or suggest "matching a distinguished name associated 
with the user and at least a portion of the distinguished name associated with the object," as 
recited in Claim 1 . In the Examiner 's Answer, the Examiner continues to point to the Moran 
for disclosure of matching a user ID from authenticated credentials against the object's ACL 
entries. (Examiner's Answer, page 9). Specifically, the Examiner contends that Moran 
discloses that an ACL entry includes "an identifier of the type (i.e., ID of the user)" and that 
this type is matched with the name of the user. (Examiner's Answer, page 10). Appellants 
continue to respectfully disagree. 
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As stated in the Appeal Brief, Moran discloses that "Access Control Lists (ACLs) are 
used to describe the permitted actions (permissions) on protected network computer system 
resources or objects associated with a client or user identity." {Moran, Abstract). 
Specifically, Moran discloses that an ACL policy includes "user and group designations, and 
their specific permissions." (Moran, page 4, paragraph 70). Accordingly, Moran merely 
discusses storing in a central database a list that identifies a user by user name and associates 
with the user name the objects that the user has permission to access. For modification of an 
object by a user, Moran discloses that the "user ID From the authenticated credentials is 
matched (91) with the requested protected object's ACL entries." (Moran, page 6, paragraph 
115). Thus, according to the disclosure of Moran, the Authorization Service receives a user 
request identifying a user by a user name and a requested object. (Moran, page 3, paragraphs 
46-47). Then, "the userlD from the authenticated credentials is matched (91) with the 
requested protected object's ACL entries." (Moran, page 6, paragraph 115). Thus, the 
Authorization Service looks up the user name in the ACL, which is stored in a centralized 
database. "The permissions granted (93) are those in the matching entry or entries." (Moran, 
page 6, paragraph 115). 

As such, the "matching" referred to in Moran merely includes using a list to associate 
an object with a user to give that user permission to access the object. Specifically, the name 
of the requested object is used to pull up the ACL list for that object. The user's name in the 
request is then matched with an entry in the list that includes the user's name. Appellants 
respectfully submit that accessing a list that includes a user name and a user object to which 
that user has access is not analogous to "matching a distinguished name associated with the 
user and at least a portion of the distinguished name associated with the object," as 
recited in Claim 1. There is no disclosure in Moran that one would be able to match the 
name of the user with at least a portion of the name of the object. Rather the name of the 
object is merely used to pull up the appropriate ACL list. 

As an example, Moran describes the credentials and an authorization request for Bill 
Smith of ABC Corporation. (Moran, page 3, paragraphs 46-47). In the example, Bill Smith 
attempts to "modify" a protected system file "ABC 40 lk summaries." The request includes 
"B_Smith, ABC employees, "modify", "ABC_401k_summaries" Thus, the name of the 
user is "Bill Smith" or "B_Smith" and the name of the file is "ABC_401k_summaries." The 
name of the file "ABC 401k summaries" does not include the name of the user and cannot 
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be matched with "B_Smith." Rather, the name of the file, "ABC_401k_summaries" is used 
to pull up an ACL list for that file. It is then determined if "B_smith" is listed as having 
access to the file. Accordingly, Moran merely discloses matching the name of the user, as 
presented in the request, with the name of the user, as presented in the ACL list for the object. 
The proposed Elmore-Gadbois-Moran combination does not disclose, teach, or suggest 
"matching a distinguished name associated with the user and at least a portion of the 
distinguished name associated with the object," as recited in Claim 1. 

B. The proposed Elmore-Gadbois-Moran combination does not disclose, 
teach, or suggest "providing the user access to the object in response to 
matching the distinguished name associated with the object and the 
distinguished name associated with the user" 

As at least a second point of error, Appellants demonstrated that the proposed Elmore- 
Gadbois-Moran combination does not disclose, teach, or suggest "providing the user access 
to the object in response to matching the distinguished name associated with the object and 
the distinguished name associated with the user," as recited in Claim 1 . In the Examiner 's 
Answer, the Examiner continues to point to Moran for disclosure of matching a user ID from 
authenticated credentials against the object's ACL entries. (Examiner's Answer, page 10). 
For reasons similar to those discussed above in Section 11(A) of this Reply Brief, Appellants 
respectfully disagree. 

As discussed above, Moran discloses that "Access Control Lists (ACLs) are used to 
describe the permitted actions (permissions) on protected network computer system resources 
or objects associated with a client or user identity." (Moran, Abstract). Specifically, Moran 
discloses that an "ACL policy is made up of one or more entries that include user specific 
permissions or rights" and is used to "provide the Authorization Service with information to 
make a "yes" or "no" answer on a specific request to access a protected object, and to 
perform some operation on that object." (Moran, page 3, paragraph 62). Thus, according to 
Moran, a list that identifies a user by user name and associates with the user name the objects 
that the user has permission to access is stored in a central database. Accordingly, when a 
request is received, the name of the requested object is used to pull up the ACL list for that 
object. The user's name in the request is then matched with an entry in the list that includes 
the user's name. Accordingly, Moran merely discloses matching the name of the user, as 
presented in the request, with the name of the user, as presented in the ACL list for the object. 
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Because Moran does not disclose that one would be able to match the name of the user with 
at least a portion of the name of the object, Moran is deficient with respect to Applicant's 
claim language. Specifically, because Moran and the proposed Elmore-Gadbois-Moran 
combination does not disclose, teach, or suggest matching a distinguished name associated 
with the user and at least a portion of the distinguished name associated with the object, 
the proposed combination also cannot be said to disclose, teach, or suggest "providing the 
user access to the object in response to matching the distinguished name associated with 
the object and the distinguished name associated with the user," as recited in Claim 1 . 

C. Conclusion 

For these reasons, Appellants continue to submit that Claim 1, together with Claims 2-6 
and 17-18 that depend on Claim 1, are allowable over the proposed Elmore-Gadbois-Moran 
combination. Similar to Claim 1, independent Claim 8 recites "code for matching a 
distinguished name associated with the user and at least a portion of the distinguished name 
associated with the object" and "code for providing the user access to the object in response to 
matching the distinguished name associated with the object and the distinguished name 
associated with the user" and "code for modifying the object as requested by the user in 
response to the user accessing the object." As such, for at least those reasons discussed above 
with regard to Claim 1, Claim 8, together with Claims 9-16 and 19-20 that depend on Claim 8, 
is also patentably distinguishable from and allowable over the proposed Elmore-Gadbois- 
Moran combination. 

II. Claims 7 and 14 are Allowable over the Proposed Elmore-Gadbois-Moran 
Combination 

In the Appeal Brief, Appellants demonstrated that the proposed Elmore-Gadbois- 
Moran combination does not disclose, teach, or suggest the combination of elements recited 
in Appellants' claims. Specifically, Appellants demonstrated that the proposed Elmore- 
Gadbois-Moran combination does not disclose, teach, or suggest "providing a Distinguished 
Name of an object revealing a chain of ownership and control for the object," as recited in 
Claim 7. In the Examiner's Answer,, the Examiner continues to rely specifically upon the 
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disclosure of Gadbois for the recited operation. {Examiner's Answer, page 6). Appellants 
continue to respectfully disagree. 

Gadbois discloses that within a DIT, "[a] first tier or set of nodes coupled to the host 
node include a set of nodes representative of organizations." {Gadbois, page 3, paragraph 
27). Beneath the organization nodes, the DIT includes "a number of interior sub-nodes which 
contain further information, or links to further information, regarding the respective 
organization." {Gadbois, page 3, paragraph 28). As illustrated in Figure 2, these sub-nodes 
include "Groups," "Business Services," and "Publisher Assertions" associated with the 
Organization. However, while Gadbois discloses that nodes are organized by organization 
there is no disclosure in Gadbois that a distinguished name of an object reveals the chain of 
ownership and control for the object. For example, there is no disclosure that the 
Distinguished Names of each of "Groups," "Business Services," or "Publisher Assertions" 
specifically reveal the ownership and control for those objects. In fact, Gadbois is silent as to 
the naming of the of the sub-nodes. Accordingly, Gadbois and the proposed Elmore- 
Gadbois-Moran combination does not disclose, teach, or suggest "providing a Distinguished 
Name of an object revealing a chain of ownership and control for that object," as recited in 
Claim 7. 

Conclusion 

For these reasons, Appellants continue to respectfully submit that Claim 7 is allowable 
over the proposed Elmore-Gadbois-Moran combination. Similar to Claim 7, dependent Claim 
14 recites "code for providing a Distinguished name of an object revealing a chain of 
ownership and control for the object." As such, for at least those reasons discussed above with 
regard to Claim 7, Claim 14 is also patentably distinguishable from and allowable over the 
proposed Elmore-Gadbois-Moran combination. 
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CONCLUSION 

Appellants have demonstrated that the present invention, as claimed, is clearly 
distinguishable over the prior art cited by the Examiner. Therefore, Appellants respectfully 
request the Board to reverse the final rejections and instruct the Examiner to issue a Notice of 
Allowance with respect to all pending claims. 

No fees are believed due; however, the Commissioner is authorized to charge any 
additional fees or credits to Deposit Account No. 02-0384 of Baker Botts, L.L.P. 



Respectfully submitted, 

BAKER BOTTS L.L.P. 
Attorneys for Appellants 
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